Privacy Policy

Privacy Policy

Bennett Hay Ltd is strongly committed to protecting personal data. This privacy statement outlines why and how we collect and use personal data pertaining to our external stakeholders within the requirements of the General Data Protection Requirements (GDPR) 2018.

Data Sources

Our policy is to collect only the personal data necessary for agreed purposes

  1. Bennett Hay processes personal data about existing and potential clients and/or individuals associated with them using a customer relationship management system, Sales Force.
    1. The collection of personal data about contacts and the addition of that personal data to the Sales Force is initiated by Bennett Hay colleagues and will include name, employer name, contact title, phone, email and other business contact details.  
    2. Data regarding potential clients may be collected from other sources such as business directories or other publicly available sources.
    3. Data for prospective clients is sometimes obtained from a reputable GDPR compliant data list company based on client company details that have already provided the necessary consent
  2. We collect and process personal data about our clients in order to manage the relationship, and meet our contractual obligations.  Where we need to process personal data to provide our services, we ask our clients to provide the necessary information and provide consent.
  3. We collect and process personal data about our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors) in order to manage the relationship, contract, to receive products and services from our suppliers and, where relevant, to provide professional products and services to our clients.
    1. The personal data about our suppliers is provided by them directly, with their consent.

Types of Data

We collect and use the personal data of our external stakeholders in order to manage and maintain our relationship with those individuals and their associated businesses, including:

  • Contact details;
  • Business activities;
  • Information related to the services we provide
  • Information about management and employees.

What is the legal basis for processing the information?

We process personal data in order to run our business, and meet our contractual obligations, including:

  • to administer and manage our relationship with clients;
  • to administer and manage our relationship with suppliers
  • developing our businesses and services (such as identifying potential new clients)
  • processing of financial transactions, including payment for good and services

Sharing and Storing Personal Data

  1. legally obliged to do so;
      1. HMRC – for tax purposes
      2. Regulators associated with our services – for example the Environmental Health Organisation.
      3. Law enforcement upon request.

or where we need to comply with our contractual duties and have appropriate consent;

  1. All personal data is stored centrally on the secure, cloud based storage system ‘Dropbox’, and on our Information Management System ‘Indicater’
  2. Details of how long we will keep personal data can be found in our Data Management Procedure BM126, and will vary dependent on the type of data and legitimate business interest. 
  3. We have security measures in place to protect our and external stakeholders information (including personal data), further details of which can be found in our Data Management Procedure BM126 or by emailing our Data Protection Officer, Claire Huish as below

Individual rights

Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) individuals have a number of rights with regards to their personal data, which we recognise; 

  1. Individuals have the right to request from us access to and rectification or erasure of their personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability. 
  2. If an individual has provided consent for the processing of personal data they have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before the consent was withdrawn. 
  3. Individuals have the right to lodge a complaint to the Information Commissioners’ Office if they believe that we have not complied with the requirements of the GDPR or DPA 18 with regard to their personal data. 

Identity and contact details data protection officer

Any concerns regarding how personal data is processed can be addressed as follows: 

or at the company registered office;

One Friar Street
RG1 1DA 

Service Providers

We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.


We may use third-party Service Providers to monitor and analyze the use of our Service.

Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

Opt out of Google Analytics tracking


For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page:

Behavioral Remarketing

Kri8it uses remarketing services to advertise on third party websites to you after you visited our Service. We and our third-party
vendors use cookies to inform, optimize and serve ads based on your past visits to our Service.

Google AdWords

Google AdWords remarketing service is provided by Google Inc.

You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google
Ads Settings page:

Google also recommends installing the Google Analytics Opt-out Browser Add-on – – for
your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page:

Tracking & Cookies Data

Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

Session Cookies. We use Session Cookies to operate our Service.
Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
Security Cookies. We use Security Cookies for security purposes.

Get in touch

Get in touch